The remote Ubuntu host is missing one or more security-related
patches.

Description :

The sys_mbind() function did not properly verify the validity of the
'maxnod' argument. A local user could exploit this to trigger a buffer
overflow, which caused a kernel crash. (CVE-2006-0557)

The SELinux module did not correctly handle the tracer SID when a
process was already being traced. A local attacker could exploit this
to cause a kernel crash. (CVE-2006-1052)

Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)

John Blackwood discovered a race condition with single-step debugging
multiple processes at the same time. A local attacker could exploit
this to crash the system. This only affects the amd64 platform.
(CVE-2006-1066)

Marco Ivaldi discovered a flaw in the handling of the ID number of IP
packets. This number was incremented after receiving unsolicited TCP
SYN-ACK packets. A remote attacker could exploit this to conduct port
scans with the 'Idle scan' method (nmap -sI), which bypassed intended
port scan protections. (CVE-2006-1242)

Pavel Kankovsky discovered that the getsockopt() function, when called
with an SO_ORIGINAL_DST argument, does not properly clear the returned
structure, so that a random piece of kernel memory is exposed to the
user. This could potentially reveal sensitive data like passwords or
encryption keys. (CVE-2006-1343)

A buffer overflow was discovered in the USB Gadget RNDIS
implementation. While creating a reply message, the driver did not
allocate enough memory for the reply structure. A remote attacker
could exploit this to cause a kernel crash. (CVE-2006-1368)

Alexandra Kossovsky discovered an invalid memory access in the
ip_route_input() function. By using the 'ip' command in a particular
way to retrieve multicast routes, a local attacker could exploit this
to crash the kernel. (CVE-2006-1525).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Contact

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.